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FOREWORD 


Several years ago, as thè primary focus of U.S. 
military strategy shifted to thè western Pacific re- 
gion, many respected authorities began to question 
thè relevance of thè North Atlantic Treaty Organiza- 
tion (NATO) in modern world events. More recent 
events, such as thè Russian Federation's annexation 
of Crimea, have given policy makers pause to ques- 
tion thè wisdom of anticipated force cuts in Europe. 
Amidst this turmoil, thè staffs of U.S. European Com- 
mand and U.S. Army Europe have been establishing 
and refining their capabilities to conduct military 
operations in and through thè cyberspace realm. 

If indeed thè decision is made to pursue military 
action in cyberspace, what capabilities are available 
within NATO forces to accomplish such activities? 
What organization, doctrine, and methods would 
guide operators who perform such actions? In this 
monograph, Mr. Jeffrey Caton explores these ques- 
tions within thè broader context of thè continued 
evolution of thè NATO Alliance. He argues that thè 
overall state of cyberspace activities within NATO ap- 
pears to be sound and that continued resourcing for, 
and pursuit of, improved cyberspace capabilities by 
U.S. military forces in Europe will help to ensure thè 
steady progress of NATO cyberspace endeavors. 



DOUGLAS C. LOVELACE, JR. 
Director 

Strategie Studies Institute and 
U.S. Army War College Press 
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SUMMARY 


The development of cyberspace defense capa- 
bilities for thè North Atlantic Treaty Organization 
(NATO) has been making steady progress since its for- 
mai introduction at thè North Atlantic Council Prague 
Summit in 2002. Bolstered by numerous cyber attacks 
such as those in Estonia in 2007, Alliance priorities 
were formalized in subsequent NATO cyber defense 
policies that were adopted in 2008, 2011, and 2014. 
This monograph examines thè past and current state 
of NATO's cyberspace defense efforts by assessing thè 
appropriateness and sufficiency of them to address 
anticipated threats to member countries, including thè 
United States. This analysis focuses on thè recent his- 
tory of NATO's cyberspace defense efforts and how 
changes in NATO's strategy and policy writ large em- 
brace thè emerging nature of cyberspace for military 
forces, as well as other elements of power. In generai, 
thè topics presented herein are well documented in 
many sources. Thus, this monograph serves as a prim- 
er for current and future operations and provides se- 
nior policymakers, decision-makers, military leaders, 
and their respective staffs with an overall apprecia- 
tion of existing capabilities as well as thè challenges, 
opportunities, and risks associated with cyberspace- 
related operations in thè NATO context. The scope 
of this discussion is limited to unclassified and open 
source information; any classified discussion must 
occur within another venue. 

This monograph has three main sections: 

• NATO Cyberspace Capability: Strategy and 
Policy. This section examines thè evolution of 
thè strategie foundations of NATO cyber activi- 
ties, policies, and governance as they evolved 
over thè past 13 years. It analyzes thè content of 


XI 


thè summit meetings of thè NATO North Atlan- 
tic Council for material related to cyber defense. 
It also summarizes thè evolution of NATO 
formai cyber defense policy and governance 
since 2002. 

• NATO Cyberspace Capability: Military Focus. 
NATO cyber defense mission areas include 
NATO network protection, shared situational 
awareness in cyberspace, criticai infrastructure 
protection (CIP), counter-terrorism, support to 
member country cyber capability development, 
and response to crises related to cyberspace. 
This section explores these mission areas by 
examining thè operations and planning, doc- 
trine and methods, and training and exercises 
related to NATO military cyberspace activities. 

• Key Issues for Current Policy. The new En- 
hanced Cyber Defence Policy affirms thè role 
that NATO cyber defense contributes to thè 
mission of collective defense and embraces 
thè notion that a cyber attack may lead to 
thè invocation of Artide 5 actions for thè Al- 
liance. Against this backdrop, this section ex- 
amines thè related issues of offensive cyber- 
space, deterrence in and through cyberspace, 
legai considerations, and cooperation with thè 
European Union. 

This monograph concludes with a summary of thè 
main findings from thè discussion of NATO cyber- 
space capabilities and a brief examination of thè im- 
plications for Department of Defense and Army forces 
in Europe. Please note that thè European spelling of 
some words (e.g., defence) may be used throughout 
this monograph to ensure thè accuracy of NATO 
organizational and operational titles. 
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NATO CYBERSPACE CAPABILITY: 
A STRATEGIC AND OPERATIONAL 
EVOLUTION 


INTRODUCTION 

The development of cyberspace defense capa- 
bilities for thè North Atlantic Treaty Organization 
(NATO) has been making steady progress since its for- 
mai introduction at thè North Atlantic Council Prague 
Summit in 2002. Bolstered by numerous cyber attacks 
such as those in Estonia in 2007, Alliance priorities 
were formalized in subsequent NATO cyber policies 
that were adopted in 2008, 2011, and 2014. This mono- 
graph examines thè past and current state of NATO's 
cyberspace defense efforts by assessing thè appropri- 
ateness and sufficiency of them to address anticipated 
threats to member countries, including thè United 
States. This analysis focuses on thè recent history of 
NATO's cyberspace defense efforts, and how changes 
in NATO's strategy and policy writ large embrace thè 
emerging nature of cyberspace for military forces as 
well as other elements of power. In generai, thè topics 
presented herein are well documented in many sourc- 
es. Thus this monograph serves as a primer for current 
and future operations to provide senior policymakers, 
decision-makers, military leaders, and their respective 
staffs with an overall appreciation of existing capabili- 
ties as well as thè challenges, opportunities, and risks 
associated with cyberspace-related operations in thè 
NATO context. 
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NATO CYBERSPACE CAPABILITY: 
STRATEGY AND POLICY 


The founding principles of NATO were thè col- 
lective defense, crisis management, and cooperative 
security amongst its member countries. Conceived in 
a Cold War environment, thè Alliance has endured 
strategie changes through major conflicts and thè 
global power shifts that eventually led to thè fall of 
thè Warsaw Pact. After a brief period where some 
pundits questioned its relevancy, NATO has experi- 
enced a renaissance of its core security functions with 
thè adoption of a new Strategie Concept in 2010. This 
section examines thè recent evolution of thè strategie 
foundations of NATO cyber activities, policies, and 
governance as they evolved over thè past 13 years. 

Cyberspace Addressed in Major Accords. 

The 2002 NATO North Atlantic Council (NAC) 
Summit in Prague, Czech Republic marked thè entry 
of cyber defense as a significant issue worthy of thè 
collective attention of thè Alliance. 1 Leaders at thè 
summit directed thè creation of a technical NATO cy- 
ber defense program that included thè establishment 
of thè NATO Computer Incident Response Capability 
(NCIRC). 2 

While work on cyber defense progressed, there 
was no mention of it in a NAC summit again until thè 
2006 meeting in Riga, Latvia. Table 1 summarizes thè 
key strategic-level content from NATO summit meet- 
ings held over thè past decade (see thè Appendix for 
thè verbatim excerpts of cyber-related content from 
these meetings). 
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NATO North 
Atlantic Council 
Summit Meeting 

Key Strategie Cyberspace-Ftelated Issues 
in Summit Declaration 

Riga, Latvia 
November 29, 
2006 

• Endorsed work to develop a NATO Network 
Enabled Capabilityto share information in 
Alliance operations and improve protection 
against cyber attack. 3 

Bucharest, 
Hungary 
Aprii 3, 2008 

• Adopted an initial Policy on Cyber Defense 
and development of supporting structures and 
authorities to implement it. 4 

Strasbourg-Kehl, 
France/Germany 
Aprii 2-3, 2009 

• Established a NATO Cyber Defence Manage- 
ment Authority (CDMA). 

• Improved thè existing Computer Incident 
Response Capability. 

• Activated thè Cooperative Cyber Defence 
Centre of Excellence (CCD COE) in Estonia. 5 

Lisbon, Portugal 
November 20, 
2010 

• Called for an updated NATO in-depth cyber 
defense policy by June 201 1 as well as a 
supporting action pian. 

• Accelerated goal of NATO Computer Incident 
Response Capability (NCIRC) to Full Opera- 
tional Capability (FOC) by 2012. 

• Called for all NATO bodies to be under cen- 
tralized cyber protection. 

• Use NATO’s defense planning processes to 
develop Allies’ cyber defense capabilities and 
improve interoperability. 

• Work closely with other actors, such as thè 
United Nations (UN) and thè European Union 
(EU). 5 


Table 1. Key Cyber Issues at Recent NATO 
North Atlantic Council Summit Meetings. 
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NATO North 
Atlantic Council 
Summit Meeting 

Key Strategie Cyberspace-Related Issues 
in Summit Declaration 

Chicago, Illinois, 
USA 

May 20, 2012 

• Confirmed adoption of a new Cyber Defence 
Concept, Policy, and Action Pian. 

• Reiterated efforts to improve NATO capabili- 
ties and planning to address cyber attacks by 
continuing to pursue centralized cyber protec- 
tion of NATO bodies; integrate cyber defense 
into Alliance structures and procedures and 
strengthen Alliance collaboration and interop- 
erability. 7 

Newport, Wales, 
UK 

September 5, 2014 

• Endorsed an Enhanced Cyber Defence Policy. 

• Reaffirmed ongoing efforts to improve NATO 
capabilities and planning to address cyber 
attacks through new initiatives with industry; 
with cyber defense education, training, and 
exercise activities; and with a cyber range 
capability. 8 


Table 1. Key Cyber Issues at Recent NATO 
North Atlantic Council Summit Meetings. (cont.) 


The 2009 Annual Session of thè NATO Parliamen- 
tary Assembly included a report, "NATO and Cyber 
Defence," that provided an in-depth review of thè key 
issues faced by thè Alliance in thè cyberspace realm. 
The report's conclusion characterized thè urgent need 
for NATO cyber defense: 

All indications signal that cyber attacks are now one of 
thè most serious asymmetric threats faced by thè Alli- 
ance and its member States, along with terrorism and 
nuclear proliferation. The open nature of thè Internet 
makes preventing cyber attacks difficult; effective 
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international cooperation will be criticai to addressing 
this problem in thè years to come. As thè world's pre- 
mier collective defence entity, NATO has a responsi- 
bility to take adequate measures to protect itself from 
such threats, as well as having a potentially significant 
role to play in contributing to thè cyber defence of its 
Members, both through deterrence and by coordinat- 
ing common cyber security measures. NATO's new 
strategie concept should reflect this important new el- 
ement of Alliance activity. National parliamentarians 
have an important role to play in hastening thè imple- 
mentation of NATO's cyber defence policy, as well as 
ensuring that cyber security measures are responsibly 
put in place and exercised at thè domestic level . 9 

A significant outeome of thè 2010 Lisbon Summit 
was thè adoption of a new NATO Strategie Concept: 
"Active Engagement, Modern Defence." 10 This officiai 
document describes NATO's enduring purpose, fun- 
damental security tasks, and anticipated security en- 
vironment. It also provides guidance on how military 
forces should adapt to implement thè new concept. 
There have been only six previous Strategie Concepts, 
thè first tour of which were classified documents that 
reflected thè evolution of NATO throughout thè Cold 
War and addressed issues such as thè doctrines of 
massive retaliation and flexible response for nuclear 
weapons. Strategie Concepts in 1991 and 1999 ad- 
dressed thè emerging challenges of a post-Cold War 
geopolitical environment. 11 

"Active Engagement, Modern Defence" is focused 
on three essential core tasks: collective defense, crisis 
management, and cooperative security. 12 Its section 
describing "The Security Environment" includes a 
paragraph that States, "cyber attacks are becom- 
ing more frequent, more organized and more costly 
in damage" to governments and industries in thè 
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alliance. It also notes that such attacks may not only 
come from foreign militaries, but also from "orga- 
nized criminals, terrorists and/ or extremist groups." 13 
The Strategie Concept's section on "Defence and De- 
terrence" outlines thè scope of military capabilities 
required by NATO to cope with challenges such as 
nuclear operations, ballistic missile defense, expedi- 
tionary operations, counter-terrorism measures, and 
energy security. It also explicitly mentions thè broad 
areas of capability required to confront cyber attacks: 

We will ensure that NATO has thè full range of ca- 
pabilities necessary to deter and defend against any 
threat to thè safety and security of our populations. 
Therefore, we will. . .develop further our ability to pre- 
vent, detect, defend against and recover from cyber- 
attacks, including by using thè NATO planning pro- 
cess to enhance and coordinate national cyber-defence 
capabilities, bringing all NATO bodies under central- 
ized cyber protection, and better integrating NATO 
cyber awareness, warning and response with member 
nations . 14 

Cyber Policy and Governance. 

An initial NATO Cyber Defence Policy was adopt- 
ed at thè 2008 NATO NAC Summit in Bucharest. The 
policy was then updated after thè 2010 Lisbon Sum- 
mit and again after thè 2014 Wales Summit. Table 2 
summarizes thè key tenets of each of these policies. 
The 2008 version provided some of thè foundational 
elements for future policies and began thè process of 
centralizing NATO cyber efforts through institutions 
such as thè Cyber Defence Management Authority 
(CDMA). The CDMA mission was "to initiate and co- 
ordinate cyber defenses, review capabilities, and con- 
duci appropriate risk management." 15 
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The 2011 NATO Cyber Defence Policy followed 
thè adoption of thè new NATO Strategie Concept and 
thus focused on methods to further N ATO's collective 
ability "to prevent, detect, defend against and recover 
from cyber-attacks." 16 It also established a cyber de- 
fense governance with a hierarchy that flowed from 
thè NAC to thè Defence Policy and Planning Com- 
mittee in Reinforced Format, then to thè NATO Cyber 
Defence Management Board (CDMB), and finally to 
thè NCIRC. 17 


Year 

Key Tenets of NATO Cyber Policy 

2008 

• Emphasize protection of key information Systems. 

• Share best practices for cyber defence. 

• Develop capability to assist Allied nations, upon request, to 
counter cyber attack. 

• Develop NATO’s cyber defence capabilities. 

• Strengthen linkage between NATO and national authorities. 18 

2011 

• Integrate cyber defence considerations into NATO structures 
and planning processes in order to perform NATO’s core tasks 
of collective defence and crisis management. 

• Focus on prevention, resilience, and defence of criticai cyber 
assets to NATO and Allies. 

• Develop robust cyber defence capabilities and centralize pro- 
tection of NATO’s own networks. 

• Develop minimum requirements for cyber defence of national 
networks criticai to NATO’s core tasks. 

• Provide assistance to thè Allies to achieve a minimum level 
of cyber defence and reduce vulnerabilities of national criticai 
infrastructures. 

• Engagé with partners, international organizations, thè private 
sectorand academia. 19 


Table 2. Key Tenets of NATO Cyber Defence 
Policy Versions. 
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Year 

Key Tenets of NATO Cyber Policy 

2014 

• Reaffirms thè principles of thè indivisibility of Allied security 
and of prevention, detection, resilience, recovery, and defence. 

• Recalls that thè fundamental cyber defense responsibility of 
NATO is to defend its own networks. 

• Emphasizes responsibility of Allies to develop relevant capabili- 
ties for protection of their national networks. 

• Recognizes that international law applies in cyberspace. 

• Affirms that cyber defence is part of NATO’s core task of col- 
lective defense under Artide 5. 20 


Table 2. Key Tenets of NATO Cyber Defence 
Policy Versions. (cont.) 


The 2014 NATO Enhanced Cyber Defence Policy 
refines cyber governance processes and formerly ties 
cyber to thè traditional NATO core task of collective 
defense. However, it also clarifies that NATO cyber 
defense exists primarily to defend its own networks 
and thus individuai member countries are expected 
to defend their own national networks. It also pro- 
mulgates thè view that international law applies to 
cyberspace. 21 The governance maintains thè NAC is 
thè body that provides strategic-level oversight and 
"exercises principal authority in cyber defence-related 
crisis management." 22 Other key elements of NATO 
cyber governance include: 

The Cyber Defence Committee (formerly thè Defence 
Policy and PlanningCommittee/ Cyber Defence), sub- 
ordinate to thè NAC, is thè lead committee for politi- 
cai governance and cyber defence policy in generai, 
providing oversight and advice to Allied countries on 
NATO's cyber defence efforts at thè expert level. At 
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thè working level, thè NATO Cyber Defence Manage- 
ment Board (CDMB) is responsible for coordinating 
cyber defence throughout NATO civilian and military 
bodies. The CDMB comprises thè leaders of thè policy, 
military, operational and technical bodies in NATO 
with responsibilities for cyber defence . 23 

However, how would this governance process be 
applied to determine thè appropriate response to any 
perceived aggression in cyberspace against NATO 
or one of thè Alliance members? According to Jason 
Healey and Klara Tothova Jordan of thè Atlantic 
Council's Cyber Statecraft Initiative, "This process for 
engagement begins at thè technical level. If an inci- 
dent has politicai implicati ons, N ATO's cyber defense 
efforts get elevated from thè NCIRC to thè CDMB 
and CDC [Cyber Defence Committee] through to thè 
NAC." 24 The NAC would determine thè appropriate 
level of response, which could include invoking col- 
lective defense through Artide 5 of thè NATO Char- 
ter, although this is considered unlikely unless there 
is significant physical damage or deaths involved. 25 
Within thè constructs of international law, thè NATO 
charter, and thè United Nations charter there remains 
generai ambiguity as to exactly how an incident in 
cyberspace may be considered an act of war. 26 If in- 
deed thè decision is made to pursue military action in 
thè cyberspace realm, what capabilities are available 
within NATO forces to accomplish this? 

NATO CYBERSPACE CAPABILITY: MILITARY 
FOCUS 

In a June 2013 blog article, General Philip Breed- 
love, Supreme Allied Commander Europe (SACEUR), 
promulgated thè need for NATO forces to fully 
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embrace and integrate cyber defense into their opera- 
tions. Noting that NATO had endured over 2,500 cy- 
ber attacks in its networks during 2012, he declared 
thè threat to be significant enough to drive upgrades 
in incident response capability. 

The idea is simple and as old as thè alliance. Whether 
thè threat comes from thè barrei of a gun or from a 
high speed internet connection, you're not alone when 
your security is threatened. The destructive conse- 
quences of a cyber attack can be just as devastating as 
thè aftermath of a conventional attack and so we as a 
military alliance must be prepared with appropriate 
response options . 27 

Consistent with its current Cyber Defence Policy, 
NATO's top priority is to protect its own Communi- 
cations and information systems (CIS) that support 
alliance military operations. 28 NATO also has several 
major supporting mission areas that include shared 
situational awareness in cyberspace, criticai infrastruc- 
ture protection (CIP), criticai information infrastruc- 
ture protection (CIIP), counter-terrorism, support to 
member countries cyber-capability development, and 
response to crises related to cyberspace. To explore 
these mission areas, let us examine thè operations and 
planning, doctrine and methods, and training and ex- 
ercises related to NATO military cyberspace activities. 

Operations and Planning. 

As thè NAC provides policy and strategie guid- 
ance, and NATO Headquarters committees provide 
governance, Allied Command Operations (ACO) pro- 
vides thè planning and execution of all alliance opera- 
tions. ACO operates at strategie, operational, and tac- 
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tical levels to achieve its primary mission of ensuring 
integrity of Alliance territory as well as supporting 
missions that may require deployment outside this 
area. Strategie level operations are directed within 
thè Supreme Headquarters Allied Powers Europe 
(SHAPE) located in Mons, Belgium. Operational level 
operations rely on standing Joint Force Commands in 
Brunssum, thè Netherlands (JFCBS) and in Naples, It- 
aly (JFCNP) which operate in a similar manner as U.S. 
joint forces in that they may conduct operations from 
their permanent location or from a headquarters de- 
ployed to thè theater of operations. Tactical level oper- 
ations are directed by three domain-based commands: 
Headquarters Allied Land Command (HQ LAND- 
COM) in Izmir, Turkey, Headquarters Allied Maritime 
Command (HQ MARCOM) in Northwood, U.K., and 
Headquarters Allied Air Command (HQ AIRCOM) in 
Ramstein, Germany. Support of operational command 
and control comes from thè CIS Group headquartered 
in Mons, Belgium, with signal battalions in Germany, 
Italy, and Poland. 29 The force structure is organized in 
three broad categories, which are in decreasing order 
of readiness level: in-place forces, deployable forces, 
and long term build up forces. 30 

The organization of NATO cyber operations fol- 
lows a similar paradigm. Strategic-level cyber de- 
fense and situational awareness occurs at ACO and 
operational-level cyber activities occur at thè JFCs, 
tactical commands, and CIS Group. 31 Tactical-level 
cyber situational awareness is primarily provided by 
thè NATO Communications and Information Agency 
(NCI Agency), an agency established in July 2012 as 
a merger of more than five separate NATO entities to 
help achieve unity of effort. 32 NCI Agency supports 
routine daily ACO operations and during crisis re- 
sponse ACO prioritizes thè NCI Agency efforts. While 
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thè NCI Agency primary mission is to connect and 
defend Alliance networks, it also assists NATO and 
Partner Nations develop interoperable communica- 
tion and information capabilities. 33 

To provide NATO with Constant and integrated 
cyber defense coverage, thè NCI Agency operates 
technical elements of thè NCIRC. 34 Initially envisioned 
in thè 2002 Prague Summit to be "thè Alliance's 'first 
responders' to prevent, detect, and respond to cyber 
incidents," 35 thè NCIRC developed its initial capa- 
bilities between 2003 and 2006 and then continued to 
evolve in both its capacity and capability. 36 The term 
"full operational capability (FOC)" has been applied 
to thè NCIRC in several contexts. For example, thè 
2010 Lisbon and 2012 Chicago summits pushed for 
FOC by thè end of 2012. As noted by one of thè key 
project managers, "Tuli operational capability' is per- 
haps a misnomer — cyberthreats are constantly evolv- 
ing, and we [NATO] will never have a final or full 
capability." 37 Capabilities have improved steadily as 
thè NCIRC FOC was implemented in planned incre- 
ments. 38 The FOC achieved in May 2014 at a cost of €58 
million (U.S. $74.5 million) now provides improved 
cyber protection of 55 NATO sites worldwide. 39 

Part of thè NCIRC FOC Project was thè establish- 
ment of a rapid reaction team (RRT) capability by thè 
end of 2012. The RRT capability consists of a perma- 
nent core of six cyber experts as well as national or 
NATO experts in other areas unique to thè specific 
mission that can be formed to respond within 24 hours 
of an incident. 40 The RRT participates in NATO-spon- 
sored exercises to hone thè skills of its members and 
to refine its procedures. The limited nature of thè RRT 
resources requires thè team to work with industry 
as well as with thè Computer Emergency Response 
Teams (CERTs) of affected nations. 41 
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The NCIRC also has a staff-run Coordination Cen- 
ter, which coordinates cyber defense activities within 
NATO as well as provides staff support to thè CDMB 
and liaison to external organizations, such as thè Eu- 
ropean Union (EU). 42 One area of such collaboration is 
that of CIP, a challenge that is not limited to military 
operations alone. As one cyber subject matter expert 
at thè NATO Joint Warfare Centre argues: 

Some military professionals argue that protecting cy- 
berspace where civilian infrastructure operates is a 
civil matter, however, if an attack against infrastruc- 
ture can affect thè military operation, it has to be re- 
garded in thè Operational Planning Process. 43 

Certainly, NATO has made great strides in thè area of 
its own CIIP 44 through such accomplishments as thè 
NCIRC FOC, but how can and should NATO cyber 
operations support thè more generai threat of CIP? 

In December 2012, thè NATO Emerging Security 
Challenges Division in Brussels sponsored a confer- 
ence focused on NATO's role in CIP. Findings of thè 
meeting included thè recognition that NATO's role 
might necessitate many response capabilities for CIP 
that involve such activities as disaster relief and anti- 
terrorism perhaps coordinated with cyber defense. 
However, thè conference sponsor noted: 

NATO cannot be thè sole answer or panacea to many 
of thè challenges of criticai infrastructure but thè Alli- 
ance cannot afford to turn its back on them entirely if 
it seeks to remain a relevant security organization in 
thè 21st century. 45 
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One of thè key concerns noted by attendees was how 
to define and prioritize thè CIP assets among allies, as 
well as how to include private business. 46 These issues 
can be addressed, in part, through thè proper plan- 
ning of military operations. 

Traditional military planning requires inputs and 
coordination amongst staff elements at thè appropri- 
ate headquarters. For current cyberspace activities at 
Headquarters NATO, coordination may involve staffs 
of thè J2 (Intelligence), J3 (Operations), J5 (Plans and 
Policy), J6 (Consultation, Control and Communica- 
tions), and J 7 (Cooperation and Regional Security 
Division) and activities at lower-level headquarters 
will likely involve similar staff structures. One of thè 
greatest challenges for NATO is akin to that faced by 
U.S. forces with regard to which staff element leads 
thè effort — that is, who's in charge? Although no stan- 
dard NATO organization structure for cyber defense 
planning has been codified, common themes have 
emerged from exercises. One recommendation is to 
follow thè traditional goal "to establish cross-fune - 
tional staff entities to harness expertise for application 
and focus to cyber problems." 47 It is also prudent to 
develop concepts that mirror some traditional joint 
task force staffs, such as a Cyber Defence Celi and Cy- 
ber Defence Working Group as vehicles to facilitate 
coordination. 48 

When actually engaged in operations, a Joint Task 
Force commander must try to maintain thè neces- 
sary operations tempo despite cyber attacks aimed at 
disrupting this objective. Thus, operational planning 
should fully understand and appreciate thè vulner- 
abilities as well as thè enhancements that cyberspace 
capabilities may present. As noted in thè Joint Warfare 
Centre Three Swords Magazine, " operati onally-minded 
decisions must prevail in determining how best to 
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avoid, mitigate and prevent thè consequences of Cy- 
ber attacks on these vulnerabilities [that are caused by 
operation's cyber dependencies]." 49 

In addition to operational planning, NATO must 
incorporate cyberspace requirements into its resource 
planning process. In Aprii 2012, cyber defense was 
integrated into thè NATO Defence Planning Process 
(NDPP). 50 To get thè most from resource expendi- 
tures, NATO has introduced an initiative — Smart De- 
fence— to leverage thè sharing of capabilities in a time 
of austerity. Put simply, "Smart Defence is a coopera- 
tive way of generating modern defence capabilities 
that thè Alliance needs, in a more cost-efficient, effec- 
tive and coherent manner." 51 The initiative includes 
projects for enhanced cyber defense. In Aprii 2015, thè 
Portuguese Ministry of Defence hosted thè first Cyber 
Defence Smart Defence Projects' Conference, which 
included presentations on thè three projects in work, 
as well as sessions on cooperation with academia and 
industry. The first project is thè Malware Information 
Sharing Platform (MISP), an initiative led by Belgium 
to "facilitate information sharing of thè technical char- 
acteristics of malware within a trusted community 
without having to share details of an attack." 52 The 
MISP capability was initially designed to support 
NCIRC Technical Centre work but is now available to 
all member countries. 53 

The second project, Multinational Cyber Defence 
Capability Development (MN CD2), is an effort start- 
ed in March 2013 and led by thè Netherlands teamed 
with Canada, Denmark, Norway, and Romania. The 
project goal is to "cooperate on thè development of: 
improved means of sharing technical information; 
shared awareness of threats and attacks; and advanced 
cyber defence sensors" 54 MN CD2 activities are man- 
aged in several work packages; thè four initial work 
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packages are Technical Information Sharing, 55 Cyber 
Defence Situational Awareness (CDSA), 56 Distributed 
Multi-sensor Collection and Correlation Infrastruc- 
ture (DMCCI), 57 Cyber Information and Incident Co- 
ordination System (CIICS) Enhancements. 58 Two new 
MN CD2 work packages were approved in June 2015: 
CIICS Support Work Package and a Cyber Security 
Assessment Team (CSAT) capability. 59 

The third project, Multinational Cyber Defence 
Education and Training (MN CD E&T), helps to de- 
velop courses for cyber education programs, battle lab 
support for training, and cyber range support for ex- 
ercises to enhance professional development and cer- 
tification of cyber defense personnel. Led by Portugal, 
there are 11 NATO countries formally participating 
with another 11 countries, as well as thè EU, who are 
interested; currently, thè United States is not among 
thè group. 60 

Capabilities and lessons learned from these Smart 
Defence programs are being applied to support thè 
broader Connected Forces Initiative (CFI) to enhance 
interconnectivity and interoperability of Allied forces. 
Together, these programs support thè NATO Forces 
2020 goal: “a coherent set of deployable, interoperable 
and sustainable forces equipped, trained, exercised 
and commanded to operate together and with part- 
ners in any environment." 61 Details of thè CFI were 
outlined in thè 2014 NATO Wales Summit Declaration 
and they include thè large-scale (25,000 personnel) 
exercise Trident Juncture. 62 For this exercise, cyber 
defense experts from thè NATO Joint Warfare Centre 
pian to practice skills and techniques that were refined 
through thè STEADFAST series of NATO exercises. 63 
What doctrine and methods form thè basis for how 
operators will perform in these exercises? 
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Doctrine and Methods. 


Allied Command Transformation (ATC) is one 
of two strategie commands of NATO; together with 
ACO they form thè NATO Command Structure 
(NCS). While ACO focuses on current operati ons, 
ACT concentrates on transformation initiatives for 
NATO military structure, forces, capabilities, and 
doctrine. Headquartered in Norfolk, Virginia, ACT 
direets three major units: thè Joint Warfare Centre in 
Stravanger, Norway; thè Joint Force Training Centre 
in Bydgoszcz, Poland; and thè Joint Analysis and Les- 
sons Learned Centre in Monsanto, Portugal. Other 
NATO education and training centers and Centres 
of Excellence (COE) coordinate their activities with 
ACT. 64 

The only NATO accredited COE dedicated to cy- 
berspace activities is thè Cooperative Cyber Defence 
Centre of Excellence (CCD COE) located in Tallinn, 
Estonia. The CCD COE was established in October 
2008 via a Memorandum of Understanding amongst 
seven NATO countries (Estonia, Germany, Italy, Lith- 
uania, Latvia, thè Slovak Republic, and Spain) with a 
vision "to enhance cooperative cyber defence capabili- 
ties of NATO and NATO nations, thus improving thè 
Alliance's interoperability in thè field of cooperative 
cyber defence." 65 Through its myriad endeavors, thè 
CCD COE supports NATO education, training, exer- 
cise, and research programs. These efforts include an 
annual conference on Cyber Conflict first held in 2009; 
numerous cyberspace-related workshops and short 
courses addressing issues from tactical technical pro- 
cedures up through national-level strategie planning; 
annual dedicated cyber exercises first held in 2010 as 
well as support to large-scale NATO exercises; and an 
extensive on-line library. 66 
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Two other NATO-accredited COEs sponsor cyber- 
related activities related to maritime operations and 
defense against terrorism. The Combined Joint Opera- 
tions From The Sea Centre of Excellence (CJOS COE) 
in Norfolk, Virginia, has an ongoing Maritime Cyber 
Security project to "lead thè development of a net- 
worked response to maritime cyber security threats 
and challenges." 67 The center has produced white 
papers on thè cyber defense aspects of maritime op- 
erations and port security as well as thè related le- 
gai implications. 68 The Centre of Excellence Defence 
Against Terrorism (COE-DAT) in Ankara, Turkey, has 
developed and delivered various courses and work- 
shops regarding terrorist activities in cyberspace. 69 
The COE-DAT sponsored its first cyberspace-related 
course, "Countering Cyber Terrorism," in November 
2006, which included participants from 18 countries (9 
NATO and 9 non-NATO). 70 The center' s most recent 
courses include "Terrorist Use of Cyberspace" in May 
2014 71 and "Criticai Infrastructure Protection against 
Terrorist Attacks" in November 2014; 72 both courses 
explored a diverse variety of cyberspace-related top- 
ics on thè physical and Virtual environments. 

The state of doctrine development for cyberspace 
operations is stili in thè formative stages. A search 
through publicly available NATO Allied Joint Doc- 
trine documents reveals an incomplete incorporation 
of cyberspace activities. The capstone document for 
Allied Joint doctrine, AJP-01 (December 2010), recog- 
nizes "cyber-operations" as an extension of traditional 
NATO security challenges; highlights thè increase in 
reliance of Alliance operations on information Sys- 
tems and thè resulting vulnerability to cyber attacks; 
and depicts cyber operations as a subset of defensive 
information operations. 73 Even though it was pub- 
lished 4 months after thè current AJP-01, thè capstone 
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document for communication and information Sys- 
tems doctrine, AJP-6 (Aprii 2011), contains no explicit 
mention of "cyber" or "cyberspace." Instead, AJP-6 
focuses on security aspects of communication and 
information systems in thè guise of "Information As- 
surance" designed to "to ensure thè systems and net- 
works employed to manage thè criticai information 
used by an organization are reliable and secure, and 
processes are in place to detect and counter malicious 
activity." 74 The capstone document for operational 
planning, AJP-5 (June 2013), includes cyberspace as a 
functional area for planning on par with maritime, air, 
space, and land. AJP-5 also places "defensive cyber 
operations" amongst thè means to help achieve coher- 
ence and synergy in thè planning for joint targeting 
and thè employment of joint fires. 75 

For operational doctrine, thè relevant capstone 
document, AJP-3 (March 2011), has an inconsistent 
incorporation of cyberspace. The publication initially 
depicts cyberspace as a subset of thè information en- 
vironment, but later puts it on par with other joint 
capabilities in thè statement: 

A joint operation endeavours to synchronize thè em- 
ployment and integration of thè capabilities provided 
by land, maritime, air, space, cyber space, special op- 
erations and other functional forces . 76 

AJP-3 maintains thè perspective of cyberspace as 
its own domain when describing thè elements of a 
Joint Force Commander's establishing directive, 77 but 
then places it back under thè information environment 
in thè description of The Operational Environment. 78 

Currently, there is no dedicated NATO doctrine for 
cyberspace operations akin to thè U.S. Joint Publication 
3-12(R), Cyber Operations (October 2014); most of thè 
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details of such activities are captured in AJP-3.10, Al- 
lieti Joint Doctrinefor Information Operations(November 
2009). AJP-3.10 uses thè nomenclature of computer 
network operations (CNO) and computer network de- 
fense (CND) that was used in U.S. joint doctrine prior 
to thè release of JP 3-12(R). 79 In efforts to improve this 
situation, thè NATO Joint Warfare Centre notes there 
is ongoing work "to develop a JTF HQ SOP [standard 
operating procedure] 218 for Cyber Defence, which 
will likely serve to identify pre-doctrinal processes 
and standard working methods before doctrine is in 
place." 80 Also, thè cyberspace doctrine is evolving 
through lessons learned from various NATO exer- 
cises, as illustrated by thè development of key plan- 
ning products such as a Cyber Prioritized Asset List 
(CPAL), Cyber Risk Assessment Matrix (CRAM), and 
Warning Advice and Reporting Points (WARP). 81 

The continued development of cyberspace future 
doctrine should consider not only military capabili- 
ties, but also those of industry as well considering that 
thè NCI Agency website States "80% of our [thè NCI 
Agency] work is done through contracts with national 
Industries." 82 To facilitate enhanced relationships with 
commercial cyberspace ventures, thè NATO Industry 
Cyber Partnership (NICP) was launched on Septem- 
ber 17, 2014 at a 2-day conference in Mons, Belgium, 
with 1,500 industry leaders and NATO policy mak- 
ers. 83 The key principle of thè NICP initiative is that 
thè NCI Agency "will cooperate with thè private sec- 
tor for thè primary purpose of reinforcing thè protec- 
tion of NATO's own networks." 84 The NICP builds 
upon existing cooperative efforts, such as guidelines 
for information sharing at thè technical level to en- 
hance cyber security. 85 Recent NICP accomplish- 
ments include thè successful conclusion of thè Cyber 
Security Incubator Pilot Project in which: 
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NATO, industry, and academic participants worked 
together on defining challenges and investigating in- 
novative Solutions in thè areas of big data and data fu- 
sion, cyber defence situational awareness, and mobile 
security . 86 

Another recent NICP partnership is one between 
thè NCI Agency and Microsoft as part of thè compa- 
ny' s Government Security Program (GSP) to "evalu- 
ate and protect existing systems and maintain more 
secure infrastructure." 87 

The Multinational Capability Development Cam- 
paign (MCDC) effort for 2013-2014 is a recent venture 
involving many NATO countries designed to develop 
and refine fundamental processes to integrate cyber- 
space operations into operational doctrine. As thè 
seventh iteration in a Multinational Experimentation 
series that started in 2001, thè theme for MCDC 2013- 
2014 was Combined Operational Access. 88 Participants 
from 19 countries focused "on thè versatile, agile ca- 
pabilities required to project combined forces into 
an operational area with sufficient freedom of action 
to accomplish thè mission." 89 The project is divided 
across seven Focus Areas, which included Cyber Im- 
plications for Combined Operational Access (CICOA). 
This is an effort of 14 contributing countries led by It- 
aly and Norway to "develop procedural and technical 
Solutions to facilitate thè integration of cyber into thè 
operational planning process." 90 Tasks were separated 
into two workstrands: one led by Norway to explore 
"Operational Planning and thè Cyber Domain" and 
thè other led by Italy to study "Cyber Capabilities 
and Data Analysis." Anticipated deliverables under 
review include guidelines and a handbook to sup- 
port joint operational planning processes, to include 
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thè A CO Comprehensive Operations Planning Direc- 
tive (COPD). CICOA products also include guidelines 
and taxonomy for data analyses that support cyber 
situational awareness and threat assessment as part 
of thè intelligence process. 91 The current program of 
work for MCDC 2015-2016 includes a focus area on 
Multinational Defensive Cyber Operations (MDCO) 
led by thè United States to build upon previous work 
and "to develop a quicker way to effectively integrate 
multinational forces to conduct defensive cyber op- 
erations" for thè Multinational Force Commander. 92 
What are some practical means, short of actual crisis, 
where doctrine and processes such as that produced 
by thè MCDC/ CICOA undertaking can be learned, 
applied, and perfected? 

Education, Training and Exercises. 

Cyberspace-related education and training occurs 
at multiple levels throughout NATO. The NATO De- 
fense College in Rome, Italy, addresses cyber defense 
issues at thè strategie level, focusing on their broader 
geopolitical implications. In December 2013, thè Col- 
lege hosted a forum on "NATO and thè Future of Cy- 
ber Security" designed to promote a dialogue within 
NATO and thè international security community. 93 
The College' s Research Division also publishes papers 
on cyberspace topics, such as lessons learned from thè 
2007 Estonia attack, future threats, and doctrine de- 
velopment. 94 The NATO School in Oberammergau, 
Germany, currently provides six resident courses re- 
lated to cyber and information operations at thè op- 
erational level to support NATO staff officers and net- 
work security personnel. 95 The NATO Joint Warfare 
Centre provides training for joint and operational- 
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level headquarters to include awareness and appre- 
ciation for thè implications of cyberspace activities in 
NATO operations. 96 The NATO Communications and 
Information Systems School (NCISS), which became 
part of thè NCI Agency in July 2012, provides five 
cyber-related resident courses for CIS operators and 
staff personnel. It also provides support to deployed 
operations and subject matter expertise for exercises, 
conferences, and workshops. 97 The skills achieved by 
personnel through education and training can be test- 
ed at thè Cyber Range operated by Estonian Defence 
Forces and adopted for NATO use in June 2014. 98 The 
Cyber Range capability provides an excellent founda- 
tion for NATO cyberspace-related exercises. 

NATO approaches cyberspace-related exercises 
in two broad categories — those specific to cyber op- 
erations and those integrated into existing exercises. 99 
The largest NATO cyber defense exercise is thè “Cy- 
ber Coalition" series that has been conducted annual- 
ly since 2008. Cyber Coalition 2014 involved "over 600 
technical, government, and cyber experts operating 
from dozens of locations from across thè Alliance and 
partner nations" as well as observers from academia 
and industry. The exercise also served as a testbed 
for thè CIICS product from thè Smart Defence initia- 
tive. 100 Cyber Coalition 2014 also "provided a stage for 
exercising strategie- and operational-level Informa- 
tion sharing, senior-level decision making, and multi- 
disciplined coordination in thè cyber realm" amongst 
26 Allied and five partner nations participating. 101 
The exercise control staff was hosted by thè Estonian 
National Defence College in Tartu, Estonia and uti- 
lized thè newly adopted NATO Cyber Range there. 102 
Tartu also hosted Cyber Coalition 2013. 103 It is interest- 
ing to note that Cyber Coalition 2012 was run concur- 
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rently with thè annual NATO Crisis Management Ex- 
ercise (CMX), an internai command post exercise that 
does not involve deployed forces. 104 

In addition to thè Cyber Coalition exercises, thè 
CCD COE in Tallinn, Estonia, has sponsored thè dedi- 
cated annual cyber exercise, Locked Shields, since 
2010 (initially called Baltic Cyber Shield). Having 
grown significantly over thè years, Locked Shields 
2015 involved 400 participants from 16 nations, and 
was sponsored by a grant from thè government of 
Canada. 105 The scenario included cyber attacks on thè 
fictitious country of Berlya, possibly by thè rivai na- 
tion of Crimsonia. It was, perhaps, a shrewd homage 
to thè 2007 cyber attacks on Estonia typically attrib- 
uted to Russia, but never proven conclusively. 106 From 
its outset, thè Locked Shields exercises have involved 
scenarios that include attacks on criticai infrastructure. 
The CCD COE keeps after action reports from thè ex- 
ercises in its publicly accessible website library. 107 

Bolstered in part by thè new strategie direction for 
NATO following thè 2010 Lisbon Summit, thè NATO 
Joint Warfare Centre integrated cyber defense ac- 
tivities into their Steadfast Juncture 2011 exercise as 
part of thè initial effort to develop "across NATO's 
battlestaffs a comprehensive understanding of thè 
far reaching impaets of cyber attack." 108 To mirror thè 
complexity of reai world cyberspace vulnerabilities, 
thè exercise designers injected cyber attacks into three 
target categories: NATO command and control (e.g., 
computer networks); NATO operati ons (e.g., airports, 
seaports, petroleum, electricity); and NATO mission 
stability (e.g., energy, medicai, financial, transporta- 
ti on, communication). 109 Two years later, life imitated 
thè scenario as Steadfast Jazz 2013 participants ex- 
perienced real-world cyber attacks during exercise 
activities. 110 
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Cyber defense activities were also integrated into 
thè 2014 Coalition Warrior Interoperability eXplora- 
tion, eXperimentation, eXamination eXercise (CWIX) 
held at thè Joint Forces Training Centre in Bydgoszcz, 
Poland "to solve existing interoperability issues and 
explore and share potential Solutions in anticipation 
of future operations and budget constraints." 111 The 
cumulative lessons learned from cyber experience 
in NATO exercises were used to inform thè recent 
Trident Juncture 2015 exercise (TRJE15), thè largest 
NATO exercise since 2002. The exercise was planned 
to be conducted from October 3 to November 6, 2015 
in Italy, Portugal, and Spain! 12 As discussed earlier, 
TRJE15 tested many of thè concepts in thè NATO 
Smart Defence and Connected Forces Indiati ve to cer- 
tify Joint Force Command Brunssum for command of 
thè NATO Response Force. 113 Cyber experts from thè 
NATO Joint Warfare Centre published a series of sev- 
en recommendations specifically aimed at applying 
cyber defense transformation measures gleaned from 
thè last four STEADFAST exercises to TRJE15. 114 These 
exercises test operational concepts and processes that 
may be applied in contemporary situations within thè 
Alliance. What are thè key issues related to thè cur- 
rent NATO cyber policy that require thè thoughtful 
consideration of senior leaders? 

KEY ISSUES FOR CURRENT POLICY 

The 2010 NATO Strategie Concept represents a 
renaissance of NATO core tasks. The new Enhanced 
Cyber Defence Policy affirms thè role that NATO cy- 
ber defense contributes to thè mission of collective 
defense and embraces thè notion that a cyber attack 
may lead to thè invocation of Artide 5 actions for thè 
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Alliance. Against this backdrop, this section examines 
thè related issues of offensive cyberspace, deterrence 
in and through cyberspace, legai considerations, and 
cooperation with thè EU. 

Offensive Cyberspace. 

A significant "elephant in thè room" issue for 
NATO cyberspace operations is thè possibility of any 
use of offensive cyber by thè Alliance. Cyber expert 
James Lewis poses this challenge as: "The centrai ques- 
tion for NATO's cyber doctrine is how thè lack of an 
articulated offensive cyber capability affects its abil- 
ity to deter or defend ." 115 In generai, offensive cyber- 
space operations may be considered as thè use of cy- 
ber capabilities outside of thè defensive firewall of thè 
NATO network. Such operations could be conducted 
in support of tactical activities by forces in thè physi- 
cal domains (e.g., land, sea, or air) or thè operations 
may be used as long-range strategie weapons directed 
at thè military and infrastructure of another nation. 
The implications of thè purposeful use of devastating 
cyber methods against a foreign homeland bring up 
allusions to thè use of nuclear weapons. In fact, Lewis 
asserts that there is a "cyber club" with NATO — thè 
United States, thè United Kingdom, and Trance — that 
possess not only nuclear weapons, but also an active 
offensive cyberspace capability . 116 Indeed, thè United 
States has officially incorporated offensive cyberspace 
operations (OCO) in its publicly available joint doc- 
trine in generai terms, but details of any OCO imple- 
mentation remain classified . 117 

In practical terms, NATO may already be enter- 
ing thè gray zone of developing active cyber defense 
capabilities that go beyond thè firewall to neutralize 
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specific Internet nodes that are conducting attacks, 
such as those that facilitated distributed denial of Ser- 
vice actions experienced by Estonia in 2007. As one 
NATO cyber officer noted, "NATO has established 
a capable defence for most cyber threats, but that is 
just thè first step and what needs to quickly follow is 
thè development of 'ac ti ve defence' capabilities." 118 In 
implementing such measures, decision-makers must 
recognize that whether acts of active cyber defense are 
considered offensive is not up to thè sender, rather thè 
receiver, because well-justified defensive acts may be 
misinterpreted as aggressioni 19 However, if NATO 
operations do evolve to embrace active cyber defense, 
and then go further to adopt OCO in a manner similar 
to that of nuclear weapons, thè issue of politicai con- 
trol of OCO release and use must be resolved first. 120 
Healey and Jordan assert that thè focus should remain 
on offensive coordination, not capability, and suggest 
that NATO should create a group "with voluntary opt- 
in for states, modeled after NATO's existing Nuclear 
Planning Group, to discuss and map out an offensive 
cyber policy." 121 

Deterrence In and Through Cyberspace. 

Closely related to thè concept of OCO is what part 
such a capability might play in thè overall notion of 
deterrence. Certainly, thè NATO goal of achieving 
deterrence with thè Warsaw Pact through various 
configurations of nuclear force planning has domi- 
nated much of both alliances' early histories. In an 
award-winning essay published in Joint Force Quar- 
terly, Clorinda Trujillo surveyed existing scholarly 
publications and compiled a proposed list of seven 
cyberspace deterrent options, most of which do not 
require OCO. Trujillo also noted thè particular bar- 
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riers associateci with any practice application of cyber 
deterrence, such as thè challenge of attribution as well 
as thè risk of unintentional outcomes where thè use of 
a cyber capability may itself result in further vulner- 
ability . 122 

Deterrence theory usually includes thè possibility 
of an escalation of conflict and force between parties. 
Traditional nuclear deterrence frameworks such as thè 
Kahn escalation ladder have been applied conceptu- 
ally to circumstances that address not only cyber, but 
also conventional and nuclear forces in thè possible 
scenarios . 123 Potential misunderstanding of intentions 
and actions coupled with imperfect situational aware- 
ness and lack of common language may facilitate es- 
calation. In a NATO Defense College research paper, 
Christine Hegenbart argues for thè development of 
precise and actionable linguistics to facilitate under- 
standing of a cyber conflict escalation ladder that may 
span a spectrum from hacktivism/ cyber vandalism all 
thè way up to cyber war . 124 

Deterrence at an international level is most effec- 
tive when it utilizes all instruments of power avail- 
able to a country — diplomatic, information, military, 
and economie. The United States may be thè only 
country with a publicly available declaratory deter- 
rence statement as part of its International Strategy for 
Cyberspace, as stated below: 

When warranted, thè United States will respond to 
hostile acts in cyberspace as we would to any other 
threat to our country. All States possess an inherent 
right to self-defense, and we recognize that certain 
hostile acts conducted through cyberspace could com- 
pel actions under thè commitments we have with our 
military treaty partners. We reserve thè right to use 
all necessary means — diplomatic, informational, mili- 


28 


tary, and economie — as appropriate and consistent 
with applicatile international law, in order to defend 
our Nation, our allies, our partners, and our interests. 

In so doing, we will exhaust all options before military 
force whenever we can; will carefully weigh thè costs 
and risks of action against thè costs of inaction; and 
will act in a way that reflects our values and strength- 
ens our legitimacy, seeking broad international sup- 
port whenever possible . 125 

Sirice thè U.S. statement explicitly includes thè 
protection of allies, this implies inclusion of NATO 
under thè U.S. cyber deterrence umbrella. Even with 
this theoretical protection, policy makers need to con- 
sider how to deal with nonstate actors that are heav- 
ily vested in thè Virtual realm (e.g., Anonymous and 
LulzSec). Such groups may be impossible to deter 
since they have "a different risk tolerance than those 
acting in a physical domain due to their perceived 
anonymity, invulnerability, and global flexibility." 126 

Legai Considerations. 

A continuing issue writ large within both NATO 
and thè global community involves how existing in- 
ternational law applies to activities in cyberspace. 
From a security perspective, significant progress was 
made with thè publication of thè Tallinn Manual on thè 
International Law Applicable to Cyber Warfare in 2013, 
thè culmination of a 3-year collaborative effort spon- 
sored by thè CCD COE. 127 The Tallinn Manual was 
preceded by thè publication of International Cyber Inci- 
dents: Legai Considerations, an earlier study by thè CCD 
COE that includes case studies on four high-visibility 
cyber attacks: Estonia 2007; Radio Free Europe/ Ra- 
dio Liberty 2008; Lithuania 2008; and Georgia 2008. 128 
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The analytical framework within thè Tallinn Manual 
is based largely on thè work of Michael Schmitt, but 
it represents only one such model for evaluating thè 
severity level of cyber conflict. 129 Perhaps not surpris- 
ingly, some non-NATO nati ons — Russia and China 
in particular — do not fully agree with thè principles 
espoused within thè Tallinn Manual. This is a signifi- 
cai challenge considering these countries are two of 
thè five permanent members of thè United Nations 
Security Council. 130 

Recognizing that thè Tallinn Manual focuses on 
cyber warfare amongst state actors at levels that com- 
prise "armed attacks," a CCD COE team is now work- 
ing on how international law applies to less severe 
malevolent activity in cyberspace. The effort known as 
"Tallinn 2.0" looks at aggression below this threshold, 
and publication of an updated Tallinn Manual is an- 
ticipated in 2016. 131 In addition, thè CCD COE contin- 
ues to sponsor courses and workshops that facilitate 
better under standing of legai issues related to cyber 
conflict. 132 

NATO initiatives with thè private sector, such as 
NICP, present significai legai issues regarding thè 
status of thè private contractors' civilian employees 
who support NATO operations. The implications 
regarding their vulnerability to legitimate attack as 
well as liability for due diligence remains under legai 
evaluation. 133 

Cooperation with thè European Union. 

The 2010 Lisbon Summit Declaration included a 
cali for NATO to work more closely with thè EU in 
thè area of cyber defense. 134 Indeed, of thè 28 NATO 
countries, all but Albania, Canada, Iceland, Norway, 
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Turkey, and thè United States are members of thè EU. 
These countries share common interests in security 
programs conducted by both organizations as well as 
thè desire not to have unnecessary duplication of re- 
source contributions. Regarding cyber security, both 
groups have similar goals, but different approaches, 
as summed up by Piret Pernik of thè International 
Centre for Defence Studies in Estonia: 

For both NATO and thè EU, cyber security is a stra- 
tegie issue that impaets thè security and defence of 
member States and of thè organisations themselves. 
They both prioritize thè resilience and defence of their 
own networks, organisations and missions, leaving 
cyber security of individuai members States a national 
responsibility. The missions of thè two organisations 
are complementary, with NATO focusing on security 
and defence aspeets of cyber security, and thè EU deal- 
ing with a broader, mainly non-military range of cyber 
issues (Internet freedom and governance, Online rights 
and data protection), and internai security aspeets . 135 

Previous NATO-sponsored studies have recom- 
mended improved cooperation between NATO and 
thè EU in such areas as criticai infrastructure protec- 
tion . 136 However, unlike NATO, thè EU does not pro- 
vide direct technical support. Rather, it facilitates in- 
formation sharing through such organizations as thè 
European Network and Information Security Agency 
(ENISA) and thè European Defence Agency (EDA ). 137 
Other significant differences between thè two groups 
is that thè EU does not own its command and control 
information systems and it lacks thè centrai author- 
ity for common cyber security, such as that found in 
thè NAC . 138 
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In November 2014, thè Council of thè EU adopted 
thè EU Cyber Defence Policy Framework to identify 
priorities as well as roles and responsibilities related 
to thè EU Common Security and Defence Policy. 139 
Section fi ve of thè framework, "Enhancing coopera- 
tion with relevant international partners," includes 
a description of methods to improve EU and NATO 
collaboration in cyberspace: 

There is a politicai will in thè EU to cooperate further 
with NATO on cyber defence in developing robust 
and resilient cyber defence capabilities as required 
within this Policy Framework. Regular staff-to-staff 
consultations, cross-briefings, as well as possible meet- 
ings between thè Politico-Military Group and relevant 
NATO committees, shall help to avoid unnecessary 
duplication and ensure coherence and complementar- 
ity of efforts, in line with thè existing framework of 
cooperation with NATO . 140 

SUMMARY OF FINDINGS 

This section summarizes thè key findings from 
thè discussion of NATO cyberspace capabilities and 
briefly examines how they apply to U.S. Department 
of Defense (DoD) and U.S. Army cyberspace activities 
in Europe. 

1. The NATO institutional embrace of cyberspace activ- 
ities is similar to other forms ofevolution that thè Alliance 
has undergone since its fonnation. 

Aspects of thè evolution of U.S. military cyberspace 
goals parallel similar developments in NATO. U.S. 
Cyber Command reached its full operational capabil- 
ity and U.S. Army Cyber Command was established 
during thè month before thè Lisbon Summit' s cali 
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for an in-depth update of NATO cyber policy. 141 This 
policy was approved by NATO Defence Ministers in 
June 2011, just a month before thè release of thè DoD 
Stratega for Operating in Cyberspace. 142 Most recently, 
thè endorsement of an enhanced NATO cyber policy 
at thè September 2014 Wales Summit was followed by 
an updated DoD cyber strategy in Aprii 2015. 143 

U.S. European Command (USEUCOM) has also 
evolved to adopt cyber operations into its J6 staff ele- 
ment, officially named thè Command, Control, Com- 
munications and Computer (C4) / Cyber directorate. 
Among its current priorities is "Operationalizing thè 
Joint Cyber Center capabilities (synchronization and 
integration)." In his February 2015 testimony to Con- 
gress, thè USEUCOM Commander, General Philip 
Breedlove, noted two significant milestones for his 
theater's cyberspace capabilities: 

EUCOM's first Cyber Combat Mission Team (CMT) 
and Cyber Protection Team (CPT) reached Initial Op- 
erational Capability (IOC) this past year providing us 
with new capabilities to protect our people, Systems, 
information, and infrastructure while holding adver- 
saries at risk. As these teams continue to improve, 
EUCOM will ha ve an enhanced ability to pian and 
conduct Cyberspace Operations to enhance our situ- 
ational awareness and protect our cyber flank ! 44 

U.S. Army Europe (USAREUR) continues to sup- 
port thè changing requirements for not only USEU- 
COM, but U.S. Africa Command as well. In July 2014, 
thè 5th Signal Command opened thè Gray Center 
Cyber Operations Center in Wiesbaden, Germany. 
The center is designed "to consolidate tactical, the- 
ater and strategie Communications" for combatant 
commanders and Army forces and it has a long-term 
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goal "to take over cyberwatch responsibility from thè 
Stuttgart-based European Command." 145 Toward this 
goal, thè center includes a Theater Cyber Operations 
Integration Center. 

2. Despite a cali at thè 2010 Lisbon Summit to incorpo- 
rate thè cyber dimension into NATO doctrine, thè process 
has been slow and inconsistent. The relationship between 
cyberspace and information operations in doctrine is un- 
clear. The focus of NATO cyberspace in doctrine (formai 
and de facto) is defensive and supportive in nature; this 
appears to be by design since NATO has yet to adopt or 
coordinate any position on thè use of any offensive cyber 
activity. 

General Breedlove's February 2015 testimony 
to Congress discussed cyberspace operations and 
information operations as distinct capabilities that 
complement each other. 146 The United States should 
encourage NATO doctrinal development to follow thè 
current DoD model that distinguishes cyberspace op- 
erations from information operations in separate joint 
publications (JP 3-12 and JP 3-13, respectively). 

At thè Service level, thè Army is working to imple- 
ment thè joint doctrine structure through updates in 
field manuals and related training. In September 2015, 
thè Army Cyber COE formalized this as an initiative 
in its Strategie Pian: "Establish Foundational Doctrine 
for Army Cyberspace Operations That Is Consistent 
With Joint Doctrinal Tenets." This initiative includes 
thè development of Field Manual (FM) 3-12, "Cyber- 
space Operations," that will supersede FM 3-38, "Cy- 
ber Electromagnetic Activities." 147 During this transi- 
tion period, thè Army should continue to work with 
NATO nations to share expertise on thè evolving role 
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of cyberspace activities. A good example of such co- 
operation is represented by thè certificate of partner- 
ship signed in March 2015 by Major General Stephen, 
Commanding General of thè Army Cyber COE, and 
Major General Heinrich-Wilhelm Steiner, Command- 
er of thè German Bundeswehr Communication and 
Information Systems Command. 148 

3. The role of cyberspace activities in NATO deterrence 
operations is not yet defined in any public forum. 

As noted, NATO cyberspace forces do not have 
offensive capabilities by design. Thus, some theorists 
may argue that cyberspace operations cannot con- 
tribute to NATO deterrence. A recent Defense Sci- 
ence Board Task Force conducted a detailed study 
"to review and make recommendations to improve 
thè resilience of DoD systems to cyber attacks," and 
thè group's final report offers several insights that 
should be considered by NATO politicai and military 
leaders. 149 The Task Force report's first recommenda- 
tion is to "Protect thè Nuclear Strike as a Deterrent 
(for existing nuclear armed States and existential cy- 
ber attack)," which would be applicable to a limited 
number of state actors that may pose a credible and 
attributable high-tier threat. 150 If adopted by NATO, 
thè schema could leverage thè existing NATO nuclear 
force structure to provide deterrence against existen- 
tial-level cyber attacks. 

Perhaps a more tempered and balanced approach 
is offered by thè same report's second recommenda- 
tion: "Determine thè Mix of Cyber, Protected-Con- 
ventional, and Nuclear Capabilities Necessary for 
Assured Operation in thè Face of a Full-Spectrum 
Adversary." 151 In contrast to thè focus of thè first rec- 
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ommendation on thè extreme end of thè attack spec- 
trum, thè report asserts, "this strategy [of thè second 
recommendation] builds a reai ladder of capabilities 
and alleviates thè need to protect all of our systems 
to thè highest level requirements." 152 As U.S. politicai 
and military leadership wrestles with thè methods 
best suited to achieving deterrence using all forms of 
national power — including cyberspace capabilities — 
they should continue to factor in thè deterrence pro- 
vided indirectly to NATO. 

4. Cyberspace presents thè Alliance with complex and 
interconnected challenges such as criticai infrastructure 
protection at thè NATO and national level. Many nations 
face further challenges in coordinating and integrating 
their own internai whole-of-government approaches. 

Certainly, thè United States is among those nations 
striving to develop and maintain a national cyberspace 
defense that is coordinated across federai, state, and 
locai government. While self-interest is a necessity for 
any sovereign country, there are areas of cyberspace 
activity where prudent measures and harmonized ac- 
tions work to thè benefit of international security and 
stability. Toward this end, thè Aprii 2015 Department 
of Defense Cyber Strategy identifies Europe as a priori ty 
region for partnership building and explicitly calls for 
DoD to "work with key NATO allies to mitigate cyber 
risks to DoD and U.S. national interests." 153 

At thè combatant command level, USEUCOM has 
sponsored thè annual Exercise Combined Endeavor 
for 20 years as part of thè U.S. investment in improved 
regional C4 interoperability. The exercise is evolving 
to integrate cyber defense into a shared mission net- 
work infrastructure that can accommodate a "bring 
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your own device" environment. 154 However, such ex- 
ercises can only test capabilities developed and honed 
well in advance. Cooperation among partner nations 
is enhanced through opportunities such as thè July 
2015 Cyber Summit sponsored by USAREUR, which 
had a theme that discussed "how to protect criticai 
networks and infrastructure, but stili achieve interop- 
erability with allies in thè cyber domain." 155 

5. NATO has established robust education, training, 
and exercise programs that include dedicated cyber exer- 
cises as well as ones integrated into large-scale exercises 
addressing both thè politicai and military aspects of crisis 
management. 

A thorough education, training, and exercise pro- 
gram for cyberspace should address people and pro- 
grams at all levels within NATO. At thè garrison level, 
USAREUR has an excellent awareness and training 
program, available on their public website, that ad- 
dresses information assurance aspects of cyber secu- 
rity as well as operational security and force protec- 
tion. 156 The repository includes a superb presentation 
on "The Cyber Attack Cycle" that discusses thè seven- 
step process of most cyber attacks developed by thè 
Army Provost Marshal General in collaboration with 
thè Army Cyber Command. 157 

With a solid foundation at thè unit level, USAREUR 
forces also work to establish tactical-level interopera- 
bility through events such as thè annual "Stoney Run" 
exercise between thè Bravo Company, 44th Expedi- 
tionary Signal Battalion and thè 250 Gurkha Signal 
Battalion. Lessons learned from NATO support of thè 
Afghan Mission Network have been applied to devel- 
op thè Army Coalition Mission Environment, which 
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will be integrateci into thè Steadfast Cobalt 15 exercise 
in Poland. Cooperative efforts between thè USAREUR 
102nd Signal Battalion and thè 282nd Bundeswehr 
Command Support Battalion strive to work out cul- 
tural challenges amongst partner nations resulting 
from differences in language, planning cycles, and 
societal values. 158 

At thè NATO operational level, USEUCOM con- 
ducts exercises such as Combined Endeavor 2014, 
which involved 30 nations and three international 
organizations that spent "three weeks training, op- 
erating, and configuring to a common securable 
standard." 159 In addition to large-scale exercises, 
USEUCOM also supports thè education of key lead- 
ers within NATO. In December 2014, thè George C. 
Marshall Center in Garmish-Partenkirchen, Germany 
conducted its inaugurai Program on Cyber Security 
Studies with 67 participants from 47 countries. These 
attendees all had "professional knowledge and ca- 
pabilities to deal with transnational cyber security 
challenges" and thè course material was "tailored for 
senior officials responsible for developing or influ- 
encing cyber legislation, policies or practices in their 
countries." As part of thè agenda, thè USEUCOM/J6, 
Brigadier General Welton Chase Jr. "discussed mutuai 
training opportunities and exercises to enhance cyber 
capabilities, interoperability and resiliency." 160 

6. NATO has done well to include industry, -partner 
countries, and organizations such as thè EU in many of 
their cyber-related activities. 

To help promulgate partnerships beyond military- 
to-military venues, USEUCOM developed Cyber 
Endeavor as its "paramount cyber security collabora- 
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tion, familiarization, and engagement program" that 
includes participation by academia and industry. 161 
Cyber Endeavor began in 2009, and it is comprised of 
a series of regional seminars held in different coun- 
tries with speakers from thè military, academia, and 
companies such as Microsoft, Hewlett Packard, Cisco, 
and Verizon. Cyber Endeavor 2014 held seminars in 
three NATO countries: thè Czech Republic, focused 
on configuration management; Bulgaria, focused on 
vulnerability management; and Romania, focused 
on boundary defense. The 2014 program culminated 
with a capstone seminar in Grafenwohr, Germany, 
held concurrently with exercise Combined Endeavor, 
but separate from its activities. The capstone agenda 
was split equally into two major elements, with one 
half comprised of presentation and discussions on thè 
latest trends in cyberspace activities and thè other half 
concentrated on hands-on training. 162 

7. NATO cyber activities bave provided smaller coun- 
tries with unique leadership roles within thè Alliance. 

In generai, U.S. engagement with smaller NATO 
countries on cyberspace issues has been positive and 
encouraging. As noted earlier, Cyber Endeavor semi- 
nars have been conducted in smaller NATO countries 
as well as Partnership for Peace countries, such as 
Montenegro. 163 The USEUCOM International Cyber 
Engagement team recognized thè opportunity to le- 
verage existing programs, such as thè State Partner- 
ship Program, to involve National Guard units in thè 
development of cyber capabilities of specific nations. 
One example is thè coordination with thè Albania J6 
staff and thè New Jersey National Guard in May 2012 
that followed a successful Cyber Endeavor seminar in 
Tirana in March of that year. 164 
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There have been occasions when thè United States 
has been slower to participate in new NATO cyber- 
space undertakings led by smaller countries. For ex- 
ample, thè United States did not join thè CCD COE 
until November 2011, more than 3 years after its 
founding in Estonia. 165 In addition, there was no ac- 
tive U.S. participation in thè MCDC 2013-2014 CICOA 
cyberspace initiative, although as noted earlier, thè 
United States has taken a lead role in thè MCDC 2015- 
2016 MDCO initiative. 166 While it may not always be 
possible or prudent to have U.S. leadership in every 
area of NATO cyberspace programs, it is advisable 
for USEUCOM and USAREUR leadership to evaluate 
and prioritize future NATO engagement opportuni- 
ties promptly. 

8. NATO has taken a lead role on a global scale in es- 
tablishing standards for legai evaluation of activities in 
cyberspace. 

The United States had an active role in thè devel- 
opment and review of thè originai Tallinn Manual, 
with Professor Michael Schmitt of thè Naval War Col- 
lege serving as Director of The International Group of 
Experts. The U.S. participation included an observer 
from U.S. Cyber Command and reviewers from thè 
Naval Postgraduate School and thè U.S. Military 
Academy. 167 Representatives of thè Naval War Col- 
lege also provide lectures as part of thè law courses 
offered by thè CCD COE. 

The review of contemporary legai issues related 
to cyberspace continues to be addressed in several 
Service-specific journals such as thè U.S. Naval War 
College International Law Studies 168 and The Air Force 
Law Review. 169 Also, The Army Cyber Institute at West 
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Point and U.S. Marine Force Cyberspace Command 
jointly produce The Cyber Defense Review to serve "as 
thè leading online and print journal for issues relat- 
ed to cyber for military, industry, professional and 
academic scholars, practitioners and operators" that 
addresses topics of law, ethics, and policy as well as 
strategy, operations, tactics, and history. 170 

9. Cyberspace efforts must compete for resources with 
other operations and initiatives within NATO. 

Simply put, cyberspace activities are not thè num- 
ber one priority for NATO, and perhaps not even in 
thè top ten. In his May 2015 assessment of thè Wales 
Summit, European expert Dr. John Deni argues that 
one of thè key obstacles facing thè NATO refocus on 
core missions is "thè imbalance between an increasing 
number of missions and stagnating resources." 171 He 
further warns that in such a constrained fiscal envi- 
ronment, "thè clear risk here is that NATO may over- 
commit and over-extend itself" in thè pursuit of six 
new initiatives which do not include existing efforts in 
cyber security as well as those in energy and environ- 
mental security. 172 

Indeed, in his March 2013 testimony to Congress, 
former SACEUR and USEUCOM commander Admi- 
ral James Stavridis listed cyberspace as only one of 
six transnational threats, which, in turn, collectively 
comprised thè fourth of his six theater priorities for 
USEUCOM. 173 The current SACEUR, General Philip 
Breedlove, in his 2014 article "The New NATO" listed 
cyber security challenges in a group of "also need to 
consider threats" toward thè end of thè discussion. 174 
This is not to imply that cyberspace capabilities are 
not important to NATO. Rather, it is to acknowledge 
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thè numerous competing tasks facing thè Alliance as 
it continues to evolve in a complex and dynamic Inter- 
national environment. 

The realm of cyberspace itself will continue to 
change, as will thè myriad actors that operate in and 
through it for purposes related to all instruments of 
power. NATO cyberspace activities face many chal- 
lenges that must be assessed and prioritized on a 
recurring basis by policymakers. While there will 
always be room for improvement, thè overall state 
of cyberspace activities within NATO appears to be 
sound. The continued resourcing for, and pursuit of, 
improved cyberspace capabilities by U.S. military 
forces in Europe will help to ensure thè steady prog- 
ress of NATO cyberspace endeavors. 
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APPENDIX 


SUMMARY OF CYBER-RELATED MATERIAL 
IN DECLARATIONS FROM RECENT NORTH 
ATLANTIC TREATY ORGANIZATION (NATO) 
NORTH ATLANTIC COUNCIL MEETINGS 


NATO North 
Atlantic Council 
Meeting 

Key Cyberspace-Related Text in Summit Declaration 

Prague, Czech 
Republic 

November21, 2002 

4. Effective military forces, an essential part of our overall politicai strategy, 
are vital to safeguard thè freedom and security of our populations and 
to contribute to peace and security in thè Euro-Atlantic region. We have 
therefore decided to: 

f. Strengthen our capabilities to defend against cyber attacks. 1 

Istanbul, Turkey 
June 28, 2004 

No mention of cyber in declaration. 

Brussels, Belgium 
February 25, 2005 

No mention of cyber in declaration. 

Riga, Latvia 
November 29, 2006 

The adaptation of our forces must continue. We have endorsed a set of 
initiatives to increase thè capacity of our forces to address contemporary 
threats and challenges. These include: 

• work to develop a NATO Network Enabled Capability to share informa- 
tion, data and intelligence reliably, securely and without delay in Al- 
liance operations, while improving protection of our key information 
systems against cyber attack 2 

Bucharest, Hungary 
Aprii 3, 2008 

47. NATO remains committed to strengthening key Alliance information 
systems against cyber attacks. We have recently adopted a Policy on Cyber 
Defence, and are developing thè structures and authorities to carry it out. 
Our Policy on Cyber Defence emphasises thè need for NATO and nations 
to protect key information systems in accordance with their respective 
responsibilities; share best practices; and provide a capability to assist 
Allied nations, upon request, to counter a cyber attack. We look forward 
to continuing thè development of NATO’s cyber defence capabilities and 
strengthening thè linkages between NATO and national authorities. 3 
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NATO North 
Atlantic Council 
Meeting 

Key Cyberspace-Related Text in Summit Declaration 

Strasbourg-Kehl, 
France/Germany 
Aprii 2-3, 2009 

49. We remain committed to strengthening communication and information 
Systems that are of criticai importance to thè Alliance against cyber attacks, 
as state and non-state actors may try to exploit thè Alliance’s and Allies’ 
growing reliance on these systems. To prevent and respond to such attacks, 
in line with our agreed Policy on Cyber Defence, we have established 
a NATO Cyber Defence Management Authority, improved thè existing 
Computer incident Response Capability, and activated thè Cooperative 
Cyber Defence Centre of Excellence in Estonia. We will accelerate our cyber 
defence capabilities in order to achieve full readiness. Cyber defence is being 
made an integrai part of NATO exercises. We are further strengthening thè 
linkages between NATO and Partner countries on protection against cyber 
attacks. In this vein, we have developed a framework for cooperation on 
cyber defence between NATO and Partner countries, and acknowledge thè 
need to cooperate with international organisations, as appropriate. 4 

Lisbon, Portugal 
November 20, 2010 

40. Cyber threats are rapidly increasing and evolving in sophistication. In 
order to ensure NATO’s permanent and unfettered access to cyberspace 
and integrity of its criticai systems, we will take into account thè cyber 
dimension of modern conflicts in NATO’s doctrine and improve its 
capabilities to detect, assess, prevent, defend and recover in case of a cyber 
attack against systems of criticai importance to thè Alliance. We will strive 
in particularto accelerate NATO Computer Incident Response Capability 
(NCIRC) to Full Operational Capability (FOC) by 2012 and thè bringing of 
all NATO bodies under centralised cyber protection. We will use NATO’s 
defence planning processes in order to promote thè development of Allies’ 
cyber defence capabilities, to assist individuai Allies upon request, and to 
optimise information sharing, collaboration and interoperability. To address 
thè security risks emanating from cyberspace, we will work closely with 
other actors, such as thè UN and thè EU, as agreed. We have tasked thè 
Council to develop, drawing notably on existing international structures 
and on thè basis of a review of our current policy, a NATO in-depth 
cyber defence policy by June 201 1 and to prepare an action pian for its 
implementation. 5 
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NATO North 
Atlantic Council 
Meeting 

Key Cyberspace-Related Text in Summit Declaration 

Chicago, Illinois, 
USA 

May 20, 2012 

49. Cyber attacks continue to increase significantly in number and 
evolve in sophistication and complexity. We reaffirm thè cyber defence 
commitments made at thè Lisbon Summit. Following Lisbon, last year 
we adopted a Cyber Defence Concept, Policy, and Action Pian, which [is] 
now being implemented. Building on NATO’s existing capabilities, thè 
criticai elements of thè NATO Computer Incident Response Capability 
(IMCIRC) Full Operational Capability (FOC), including protection of most 
sites and users, will be in place by thè end of 2012. We have committed 
to provide thè resources and complete thè necessary reforms to bring all 
NATO bodies under centralised cyber protection, to ensure that enhanced 
cyber defence capabilities protect our collective investment in NATO. We 
will further integrate cyber defence measures into Alliance structures and 
procedures and, as individuai nations, we remain committed to identifying 
and delivering national cyber defence capabilities that strengthen Alliance 
collaboration and interoperability, including through NATO defence planning 
processes. We will develop further our ability to prevent, detect, defend 
against, and recover tram cyber attacks. To address thè cyber security 
threats and to improve our common security, we are committed to engagé 
with relevant partner nations on a case-by-case basis and with International 
organisations, inter alia thè EU, as agreed, thè Council of Europe, thè UN 
and thè OSCE, in order to increase concrete cooperation. We will also take 
full advantage of thè expertise offered by thè Cooperative Cyber Defence 
Centre of Excellence in Estonia. 6 
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NATO North 
Atlantic Council 
Meeting 

Key Cyberspace-Related Text in Summit Declaration 

Newport, Wales, 
UK 

September 5, 2014 

72. As thè Alliance looks to thè future, cyber threats and attacks will 
continue to become more common, sophisticated, and potentially 
damaging. To face this evolving challenge, we have endorsed an Enhanced 
Cyber Defence Policy, contributing to thè fulfillment of thè Alliance’s core 
tasks. The policy reaffirms thè principles of thè indivisibility of Allied security 
and of prevention, detection, resilience, recovery, and defence. It recalls that 
thè fundamental cyber defence responsibility of NATO is to defend its own 
networks, and that assistance to Allies should be addressed in accordance 
with thè spirit of solidarity, emphasizing thè responsibility of Allies to 
develop thè relevant capabilities for thè protection of national networks. 

Our policy also recognises that international law, including international 
humanitarian law and thè UN Charter, applies in cyberspace. Cyber attacks 
can reach athreshold thatthreatens national and Euro-Atlantic prosperity, 
security, and stability. Their impact could be as harmful to modern societies 
as a conventional attack. We affirm therefore that cyber defence is part of 
NATO’s core task of collective defence. A decision as to when a cyber attack 
would lead to thè invocation of Artide 5 would be taken by thè North Atlantic 
Council on a case-by-case basis. 

73. We are committed to developing further our national cyber defence 
capabilities, and we will enhance thè cyber security of national networks 
upon which NATO depends for its core tasks, in order to help make thè 
Alliance resilient and fully protected. Close bilateral and multinational 
cooperation plays a key role in enhancing thè cyber defence capabilities 
of thè Alliance. We will continue to integrate cyber defence into NATO 
operations and operational and contingency planning, and enhance 
information sharing and situational awareness among Allies. Strong 
partnerships play a key role in addressing cyber threats and risks. We will 
therefore continue to engagé actively on cyber issues with relevant partner 
nations on a case-by-case basis and with other international organisations, 
including thè EU, as agreed, and will intensify our cooperation with industry 
through a NATO Industry Cyber Partnership. Technological innovations and 
expertise from thè private sector are cruciai to enable NATO and Allies to 
achieve thè Enhanced Cyber Defence Policy’s objectives. We will improve 
thè level of NATO’s cyber defence education, training, and exercise activities. 
We will develop thè NATO cyber range capability, building, as a first step, 

on thè Estonian cyber range capability, while taking into consideration thè 
capabilities and requirements of thè NATO CIS School and other NATO 
training and education bodies. 7 
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